pidgin/pidgin

Make ssl_*_read robust against bogus connection, like ssl_*_write is
discord-ssl-crash
12 months ago, Samuel Thibault
3e026e7db681
Make ssl_*_read robust against bogus connection, like ssl_*_write is
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Dec 16 20:20:20 2019 -0600
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Sat Apr 04 01:36:20 2020 +0200
@@ -451,9 +451,10 @@
ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len)
{
PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
- ssize_t s;
+ ssize_t s = 0;
- s = gnutls_record_recv(gnutls_data->session, data, len);
+ if(gnutls_data)
+ s = gnutls_record_recv(gnutls_data->session, data, len);
if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
s = -1;
--- a/libpurple/plugins/ssl/ssl-nss.c Mon Dec 16 20:20:20 2019 -0600
+++ b/libpurple/plugins/ssl/ssl-nss.c Sat Apr 04 01:36:20 2020 +0200
@@ -529,6 +529,9 @@
PRInt32 ret;
PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc);
+ if (!nss_data)
+ return 0;
+
ret = PR_Read(nss_data->in, data, len);
if (ret == -1)